Insufficiently Protected S3 Bucket Endpoint in Automox Agent Prior to Version 31

Insufficiently Protected S3 Bucket Endpoint in Automox Agent Prior to Version 31

CVE-2021-26909 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.

Learn more about our Web Application Penetration Testing UK.